ARCOS® LLC successfully completed a Service Organization Control (SOC) 2 Type II audit for the period October 1, 2017, through March 31, 2018, to ensure the software maker is protecting its utility industry customers. Plante Moran, PLLC, a public accounting and consulting firm, conducted the independent SOC examination and evaluated and tested ARCOS’s internal operational controls and processes.
The six-month audit led to a certification, which ARCOS received in June 2018. The certification expires in June 2019. ARCOS has made its SOC 2 Type II reports available for clients and prospective customers since passing its first audit in 2014.
As hackers increasingly threaten power grids in the U.S. and abroad, software providers that serve utility companies must be vigilant about protecting their customers. According to a May 2016 article from The Hill, “There are more reported cyber incidents in the energy industry than in healthcare, finance, transportation, water and communications combined …”
“The SOC 2 Type II audit verifies the ARCOS software platform and its processes meet or exceed standards for security, availability and confidentiality,” said Ted Schneider, chief technology officer for ARCOS. “A company meeting SOC 2 Type II criteria proves its system can secure client data.”
The audit confirms for utility customers that ARCOS has established and is adhering to effective policies ranging from change-control and security of customer information to data-center access and software “up-time.”
“When it comes to working with the cloud and related IT services, this type of performance and reliability is absolutely essential and increasingly required by regulators, examiners, and auditors,” added Schneider.
Prospective customers are among the typical users of a SOC 2 report, which evaluates a solution provider’s compliance controls. A SOC 2 examination indicates a third-party auditor evaluated a service organization’s controls as they relate to the Trust Services Principles and Criteria. By completing the SOC examination, ARCOS now has third-party verification of its significant control practices and operational procedures.